What are the responsibilities and job description for the Security Operations Engineer position at Winsor Consulting Group, LLC?
About Winsor Consulting Group
Winsor Consulting Group is a Tucson-based compliance consulting and managed security services firm serving the Defense Industrial Base (DIB) and other regulated-sector clients across Arizona and Iowa. We specialize in CMMC, NIST 800-171, and cybersecurity programs built on Microsoft 365 GCC and GCC High. Our team helps clients design, deploy, and operate compliant, defensible environments, and we hold ourselves to the same standards we ask of them.
Position Summary
The Security Operations Engineer owns the day-to-day detection, investigation, and response work that protects Winsor and our clients from cyber threats. You will run SIEM operations, lead incident response engagements, and keep client environments aligned with CMMC Level 2 and other regulatory baselines. This is a hands-on role with broad ownership across tooling, monitoring, response, and program management. It is well-suited to an engineer who wants both technical depth and a seat at the strategy table.
Core Responsibilities
Detection, Monitoring, and Incident Response:
- Operate and tune SIEM platforms: configure log sources, investigate alerts, triage events, and drive remediation through to resolution.
- Conduct root-cause analysis for both false positives and confirmed threats, and feed lessons learned back into detection content and runbooks.
- Lead incident response engagements end-to-end, including coordination with legal, internal audit, and client stakeholders, and own post-mortem analysis.
- Serve as the primary liaison between the client and Winsor during active security incidents.
- Administer and maintain the Winsor security stack across client environments, including endpoint and server antivirus, anti-ransomware, and EDR; co-managed threat detection and response platforms; continuous vulnerability management; application allowlisting; and identity, MFA, and conditional access tooling.
- Evaluate and onboard new security capabilities as the threat landscape and client requirements evolve.
- Implement and operate technical controls that keep client environments aligned with CMMC Level 2, NIST 800-171, and related frameworks.
- Manage the information security risk platform: track remediation, report progress, and communicate risk posture to internal and client leadership.
- Maintain information security policies and procedures, including annual review cycles and ad hoc updates as controls or business needs change.
- Participate in strategic design sessions with clients to translate business requirements into secure, compliant technical architectures.
- Translate technical findings into clear, action-oriented language for executive and non-technical audiences.
Required Qualifications
- 2 years of cybersecurity experience, preferably in an MSP, MSSP, or consulting environment.
- Hands-on experience with SIEM platforms, endpoint protection (AV/EDR), vulnerability scanners, and ticketing systems.
- Working knowledge of the NIST Cybersecurity Framework and risk-based decision making.
- Strong foundation in IP networking (DNS, routing, messaging) and security configuration of routers, switches, and firewalls.
- Experience developing and maintaining security policies, procedures, standards, and runbooks.
- Strong written and verbal communication skills, particularly the ability to brief technical and executive audiences with equal clarity.
- High school diploma or equivalent.
Preferred Qualifications
- Associate's or Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Professional certifications: CISSP, CISM, Security+, CySA+, or CMMC Registered Practitioner (RP).
- Experience operating in Microsoft 365 GCC or GCC High, Azure Government, or other regulated cloud environments.
- Familiarity with CMMC Level 2, NIST 800-171, DFARS 252.204-7012, or similar compliance frameworks.
- Experience with data search platforms such as OpenSearch or Elastic.
- Exposure to UTM firewalls, DLP, VPN, and identity/MFA platforms in a multi-tenant context.
In your first 90 days, you will have ramped on the Winsor security stack, taken ownership of monitoring for at least one client environment, and contributed measurable improvements to detection content or response runbooks. Within a year, you will be leading incident response engagements independently and helping shape how Winsor delivers security operations to the DIB and other regulated clients.